Unrated severityNVD Advisory· Published Dec 19, 2000· Updated Apr 16, 2026

CVE-2000-0884

Description

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Affected products

Microsoft/Internet Information Server
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
Microsoft/Internet Information Services
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.osvdb.org/436nvd
www.securityfocus.com/bid/1806nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078nvd
exchange.xforce.ibmcloud.com/vulnerabilities/5377nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000